Olivia
Online
postal dude
@p_dude
Berlin
Joined May 2009
1.5K Following
286 Followers
13.1K Posts
Hacking the #EU #AgeVerification app in under 2 minutes.
During setup, the app asks you to create a PIN. After entry, the app *encrypts* it and saves it in the shared_prefs directory.
1. It shouldn't be encrypted at all - that's a really poor design.
2. It's not cryptographically tied to the vault which contains the identity data.
So, an attacker can simply remove the PinEnc/PinIV values from the shared_prefs file and restart the app.
After choosing a different PIN, the app presents credentials created under the old profile and let's the attacker present them as valid.
Other issues:
1. Rate limiting is an incrementing number in the same config file. Just reset it to 0 and keep trying.
2. "UseBiometricAuth" is a boolean, also in the same file. Set it to false and it just skips that step.
Seriously @vonderleyen - this product will be the catalyst for an enormous breach at some point. It's just a matter of time.
HWInfo and CPU-Z both compromised. Millions about to be PWNED!
CPU Z:
https://t.co/cGVLSVUIX6
HW Monitor:
https://t.co/4Puwc5EheK
WireGuard has some big updates ready to go on Windows, our first on the platform in nearly 4 years. We've done some nice modernizations and improvements, fixed bugs, added features, updated the toolchain, and more. But our release is currently blocked by @Microsoft.
The recent thread on Hacker News encouraged me to write this up, rather than just grumbling to myself privately about it as I have the last two weeks.
I logged in to get the WireGuardNT driver signed -- a necessary step for driver authors -- and was greeted by this vague message that the account has been suspended. Looking further into it, it seems like they instituted an identity verification policy, didn't notify me about it, and then I guess they suspended accounts who didn't do the verification. So of course I did the ID card verification immediately, but now an appeal is necessary. The appeals process requires filing a support ticket, but filing a support ticket requires a non-suspended account... Catch-22, eventually resolved by filing one through Azure and getting it rerouted to the right department. That was two weeks ago. Now they've told me there's a 60 day appeal review period. Wish us luck!
It's a little crazy, because what if there was some critical ring 0 RCE vuln that was being exploited in the wild and that needed to be patched immediately? (Just hypothetical; there isn't.) In that case, telling users "sorry, you've got to wait 60 days" would be sort of bad. And users of WireGuard for Windows are also Microsoft Windows users, so I can't see how this is good for Microsoft either. I think it must just be a case of bureaucracy gone slightly off the rails. Happens.
If any Microsofters are able to make this take not-sixty-days, please do get in touch.
The White House App has OneSignal's full GPS pipeline compiled in, polling your location every 4.5 minutes, syncing your exact coordinates to a third party server.
Who to follow
chevynetti neuer Account
@Chevynetti67
PIRAT aus Überzeugung, SE Teltow SVV Teltow #Gesundheit u.#Soziales,#Kräuterhexe, #Katzenmutti, #RepairCafeTeltow, #Seniorenbegleiter
Kugelschrei
@dgehse
Geek, Nerd, Computerfreak, Whatever.
MOGiS e.V. - eine Stimme für Betroffene
@mogisverein
MOGiS e.V. - Eine Stimme für Betroffene. German organization of abuse survivors and people affected by non-therapeutic genital surgeries
@liberalornot @Telekom_hilft @Callsign_Smokey Dann hast du zusätzlich noch Packet Loss zu deinem DNS-Resolver und es scheitert noch vor dem Laden der Inhalte an der DNS-Auflösung.
@Letsion1 Hilft kein bisschen, wenn man schon Packet Loss zum WARP Endpoint hat.
@Telekom_hilft @Callsign_Smokey Dann schickt mir bitte das Wireguard Profil zu, damit ich das in meinem Router konfigurieren kann. Gerne per DM.
Trump in Davos, Switzerland:
"Without us, right now you'd all be speaking German".
German is the main language of Switzerland.
#Servicetweet Wir haben beschlossen, unser Engagement hier zu beenden.Die Art und Weise wie hier Meinung gemacht, unsere Demokratie, die Verwaltung,der ÖRR und alles, was eine freiheitliche und aufgeklärte Gesellschaft ausmacht, delegitimiert wird, ist nicht mehr zu ertragen. 1/2
We have people in power making broad claims around certain drugs and autism that have been continuously disproven. The degree to which those comments can undermine public health, do harm to women who are pregnant, create anxiety for parents who do have children who are autistic – is violence against the truth.
Republicans can’t win on their policies, so they are trying to dodge accountability by rewriting the rules. These lawmakers are going out of their way to silence the will of the people and deliberately undermine our democracy.
Das sehe ich anders. Annalena Baerbock hat nie Angriffe auf Zivilist*innen legitimiert. Sie hat völkerrechtlich korrekt referiert, dass zivile Einrichtungen zu legitimen mil. Zielen werden können, wenn Sie von einer Konfliktpartei für militärische Zwecke genutzt werden. Ist Fakt.
Musste er gehen, weil der Zug nicht kam?
@dixon_frank_2 @PlixoSgp @user_101524 @gnukeith Yep. And you can combine both. Let Pi-Hole (or AdGuard Home) use your Unbound instance as upstream resolver. That's what I do. Another alternative is Technitium: a full-fledged recursive resolver which supports blocklists https://t.co/7voodV9lYt
@SurScribbles @PlixoSgp @user_101524 @gnukeith Recursively from the DNS root servers. Like any other recursive resolver. Without sending any unnecessary information to third parties. https://t.co/mpEvTfszx1 Nothing more to find out here.
@PlixoSgp @user_101524 @gnukeith There is absolutely no reason to use any public DNS service. Why trust a third party? Just set up your own resolver https://t.co/kcW9L8EXyr
For the low price of $0, you can shape POSTAL 2 Redux into an even better project!
All you need to do is follow the Kickstarter campaign and you'll be notified when it goes live. If there's enough followers, we'll include the much anticipated... SUPER-FUN PIGEON HUNTER MISSION!
European authoritarians and their enablers in the media are misrepresenting GrapheneOS and even Pixel phones as if they're something for criminals. GrapheneOS is opposed to the mass surveillance police state these people want to impose on everyone.
https://t.co/CxWQDCcVpO
BREAKING: I will object to Republicans moving forward on their Big, Ugly Bill without reading it on the Senate floor
Republicans won’t tell America what’s in the bill
So Democrats are forcing it to be read start to finish on the floor
We will be here all night if that’s what it takes to read it
Last Seen Users on Sotwe
Hakanseda
Seen from Turkey
ihanet evli bekar ve dul bayanlar herşey gizli olm
Seen from Turkey
HypeFener 
Seen from Turkey
mình thích lái máy bay
Seen from Vietnam
gay porn
Seen from United States
🇫 🇪 🇷 🇲 🇦 🇳 ☢️
Sen ben
Seen from Switzerland
kagerou
Seen from Japan
Vk Dâm thích cặc to
Seen from Vietnam
Serbia Boy
Most Popular Users
Elon Musk
@elonmusk
240.1M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
109.1M followers
Narendra Modi
@narendramodi
106.9M followers
Rihanna
@rihanna
97.3M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.6M followers
KATY PERRY
@katyperry
86.9M followers
Taylor Swift
@taylorswift13
80.7M followers
Lady Gaga
@ladygaga
72.3M followers
Kim Kardashian
@kimkardashian
69.4M followers
Virat Kohli
@imvkohli
68.7M followers
YouTube
@youtube
68.6M followers
Bill Gates
@billgates
63.5M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61.3M followers
X
@x
60.9M followers
Selena Gomez
@selenagomez
60M followers